@artem3

Update on the NPM attack: The attack fortunately failed, with almost no victims.🔒 It began with a phishing email from a fake npm support domain that stole credentials and gave attackers access to publish malicious package updates. The injected code targeted web crypto activity, hooking into Ethereum, Solana and other chains to hijack transactions, and replacing wallet addresses directly in network responses. The attackers’ mistakes caused crashes in CI/CD pipelines, which led to early detection and limited impact. Still, this is a clear reminder: if your funds sit in a software wallet or on an exchange, you’re one code execution away from losing everything. Supply chain compromises remain a powerful malware delivery vector, and we’re also seeing more targeted attacks emerge. Hardware wallets are built to withstand these threats. Features like Clear Signing let you confirm exactly what’s happening, and Transaction Checks flag suspicious activity before it’s too late.

0 reply

6 recasts

19 reactions